← Home

@truenine/memory-sync-cli

npm Repository Homepage

TrueNine Memory Synchronization CLI metadata package

51
Versions
AGPL-3.0-only
License
No
Install Scripts
Missing
Provenance

Supply chain provenance

Status for the latest visible version.

No SLSA provenance npm registry signatures No source commit

Without SLSA provenance there is no cryptographic link between this tarball and the public source — the axios compromise (March 2026) relied on exactly this gap.

Maintainers

falsezero

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
phantom-deps phantom-dep:remark-frontmatter AI (phantom-deps): Remark plugin for YAML frontmatter; indirect through unified ecosystem. ai
phantom-deps phantom-dep:remark-parse AI (phantom-deps): Remark parser; indirect usage through unified markdown processing pipeline. ai
phantom-deps phantom-dep:@clack/prompts AI (phantom-deps): Interactive CLI prompts library; legitimate indirect usage in CLI tool. ai
phantom-deps phantom-dep:remark-stringify AI (phantom-deps): Remark serializer; indirect usage through unified markdown processing. ai
phantom-deps phantom-dep:yaml AI (phantom-deps): Legitimate indirect dependency used through remark ecosystem and config processing in CLI tool. ai
phantom-deps phantom-dep:unified AI (phantom-deps): Core remark ecosystem dependency; used indirectly through remark-parse/stringify plugins. ai
phantom-deps phantom-dep:winston AI (phantom-deps): Logging library; typical indirect usage pattern in CLI tools via plugin system. ai
phantom-deps phantom-dep:fs-extra AI (phantom-deps): File system utility; commonly used indirectly in build/CLI tools. ai
phantom-deps phantom-dep:fast-glob AI (phantom-deps): Glob pattern matching; indirect usage in file discovery patterns for CLI. ai
phantom-deps phantom-dep:picomatch AI (phantom-deps): Pattern matching utility; indirect dependency of fast-glob and CLI matching logic. ai
phantom-deps phantom-dep:picocolors AI (phantom-deps): Terminal color utility; indirect usage in CLI output formatting. ai
phantom-deps phantom-dep:remark-gfm AI (phantom-deps): Remark plugin for GitHub-flavored markdown; indirect through unified ecosystem. ai
source-diff net-exec-file:dist/babel.cjs AI (source-diff): Network+exec pattern is from bundled Babel/webpack runtime internals (dynamic require, module resolution). Not dropper/loader malware. ai
source-diff obfuscated-file:dist/jiti-B3PPFIgr.mjs AI (source-diff): dist/jiti-B3PPFIgr.mjs is a bundled jiti/mlly runtime. Long lines are minified bundle output from tsdown/rollup, not obfuscation. ai
source-diff obfuscated-file:dist/babel.cjs AI (source-diff): dist/babel.cjs is a webpack-bundled Babel toolchain runtime. Long lines are minified bundle output, not obfuscation. Expected artifact for a CLI tool bundling its dependencies. ai

Versions (showing 51 of 139)

View all versions
Version Deps Published
2026.10503.119 0 / 0
2026.10502.118 0 / 0
2026.10425.10602 0 / 0
2026.10425.10151 0 / 0
2026.10424.111 0 / 0
2026.10423.10544 0 / 0
2026.10423.10517 0 / 0
2026.10423.10401 0 / 0
2026.10423.10319 0 / 0
2026.10422.10749 0 / 0
2026.10411.10132 1 / 11
2026.10408.12323 0 / 10
2026.10406.121 0 / 10
2026.10404.101 0 / 10
2026.10403.117 0 / 10
2026.10402.116 0 / 10
2026.10402.110 0 / 10
2026.10402.109 0 / 10
2026.10402.103 0 / 10
2026.10330.118 3 / 16
2026.10330.108 3 / 16
2026.10329.110 3 / 16
2026.10328.106 3 / 16
2026.10327.10010 3 / 16
2026.10325.12228 3 / 16
2026.10324.11958 3 / 16
2026.10324.10325 3 / 16
2026.10324.10015 3 / 16
2026.10323.10738 3 / 16
2026.10323.10152 3 / 16
2026.10322.104 3 / 16
2026.10319.10359 3 / 16
2026.10318.12034 3 / 16
2026.10318.11638 3 / 16
2026.10303.11117 12 / 6
2026.10303.11058 12 / 6
2026.10302.10037 12 / 7
2026.10224.10619 12 / 49
2026.10223.10952 12 / 49
2026.10223.10941 12 / 49
2026.10223.10555 12 / 49
2026.10222.10836 7 / 48
2026.10221.10208 7 / 14
2026.10221.10118 7 / 14
2026.10221.10031 7 / 14
2026.10220.11748 6 / 13
2026.10219.12358 6 / 13
2026.10219.12050 6 / 13
2026.10219.11823 6 / 13
2026.10219.10518 6 / 13
2026.10219.10305 6 / 13

v2026.10503.119

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10502.118

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10425.10602

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10425.10151

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10424.111

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10544

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10517

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10401

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10423.10319

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10422.10749

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10411.10132

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10408.12323

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10406.121

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10404.101

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10403.117

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.116

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.110

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.109

4 findings
HIGH New obfuscated file: dist/babel.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New file with network + code execution: dist/babel.cjs source-diff

Newly added file contains both network calls and dynamic code execution. This is a hallmark of dropper/loader malware.

HIGH New obfuscated file: dist/jiti-B3PPFIgr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10402.103

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10330.118

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10330.108

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10329.110

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10328.106

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10327.10010

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10325.12228

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.11958

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.10325

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10324.10015

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10323.10738

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10323.10152

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10322.104

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10319.10359

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v2026.10318.12034

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10318.11638

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10303.11117

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10303.11058

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10302.10037

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10224.10619

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10952

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10941

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10223.10555

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10222.10836

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10208

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10118

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10221.10031

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10220.11748

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.12358

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.12050

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.11823

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.10518

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v2026.10219.10305

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.